The Qualys SECURE Seal represents the highest level of security validation 
available online today. 


Qualys’ SECURE Seal program allows businesses of all sizes to scan their web 
sites for the presence of malware, network and web application vulnerabilities, as 
well as SSL certificate validation. Once a web site passes these four comprehensive 
security scans, the Qualys SECURE Seal service generates a trustmark (or seal) for 
the merchant to display on their web site demonstrating to online customers that 
the company is maintaining a rigorous and proactive security program. 


Leveraging QualysGuard’s award-winning scanning technology, Qualys SECURE 
Seal is the only web site security testing service that extends the ability to scan 
web site(s) for malware, network and web application vulnerabilities, as well as 
validating the web site’s SSL certificate. 


This document outlines: 


• SECURE Seal Specifications 
• SECURE Seal Display Requirements (Sizing and Clear Space) 
• Frequently Asked Questions (FAQs) 
The Qualys SECURE Seal 


Elements 


• Qualys Shield 
• QUALYS SECURE Type 
• Bounding Box 
All elements (1 - 5) should always 
be used as part of the complete 
seal and not be altered in any form 
or fashion. 


1. Clear space zone devoid of 
imagery and typography must 
surround the seal. 


2. The dimensions of the shield 
should not be altered in any 
way and remain at 89x47 
pixels. 


3. In print applications, the seal 
should never appear with a 
width of less than one inch. 


Files auto-generated by the Qualys 
SECURE Seal service have been 
prepared with the correct sizes and 
with the appropriate clear space 
surrounding the seal, and should 
not be altered in any way. 


Color Usage 


1. Black 


The outline of the shield and 
Qualys type should always be 


2. PMS 485 


The shield, and SECURE type 
face should always be in PMS 
485 (or 222/29/11). 


Always reproduce the Qualys 
SECURE Seal in the appropriate 
colors. 


Print: PMS 485, CMYK 100/43/0/0 
Digital: PMS 485, RGB 222/29/11, HEX #DE1D0B 


Qualys, Inc. Confidential. © 2010 Qualys, Inc. All Rights Reserved. Qualys, Qualys Secure, and QualysGuard are registered trademarks of Qualys, Inc. 


Unacceptable Usage 



Do not change the colors of the seal. 


Do not add any extra elements (e.g., glow, starburst, drop-shadow, etc.). 


Do not add words or phrases to the seal. 


Do not alter the shape or size of the seal and its components. 


Do not rotate or flip the seal. 


Do not use the seal with other graphic elements or shapes. 


The seal cannot be displayed on a background with patterns 
or images; the seal should appear on a white or solid background. 
Seal Placement (Online) 


Merchants can insert and display 
the Qualys SECURE seal on any 
web page within the domain 
protected by the Qualys SECURE 
seal. The seal should be used 
wherever the site visitors need to 
be aware of a site’s security. 


We recommend placing the Qualys 
SECURE seal on 4 important areas 
of a site: 


1. On your web site home page near other web site information 
and links. 


2. Near the top of all SSL-enabled pages. 


3. On all shopping cart and checkout pages. 


4. On any pages which detail the security or privacy protection 
you provide to your web site visitors. 
Frequently Asked Questions 


Displaying the Qualys SECURE Seal gives consumers explicit 
visual identification that your site can be trusted. The Qualys 
SECURE Seal means your site has been scanned for malware 
that could compromise a visitor’s computer. In addition, the 
seal represents that your web site has no known vulnerabilities 
that could be exploited by an attacker looking to steal information. 


Furthermore, consumers have trust in security seals. Research 
shows that sites which display security seals have higher levels 
of click-through-rates, have lower shopping cart abandonment 
and convert more sales opportunities. 


The Qualys SECURE Seal is simple to install. After purchasing 
and signing up, you receive a snippet of HTML that you 
embed on your site. The Qualys SECURE Seal trustmark will 
automatically be displayed on your site after your site passes 
a Qualys SECURE Seal scan, consisting of the following: 


• Malware Scan 
Evaluates the site for malicious software the web site 
could unintentionally infect visitors with. 


• Network Perimeter Vulnerability Scan 
Identifies externally facing vulnerabilities on the web 
server that allow attackers to access specific information 
stored on the host. 


• Web Application Vulnerability Scan 
Scans for vulnerabilities in dynamic web applications, 
such as SQL Injection, to ensure consumers interact with 
web sites that safeguard their personal information. 


• SSL Certificate Validation 
Validates that the web site’s SSL certificate is valid and current. 
Qualys will continue to automatically scan your site on a 
recurring basis: 


• Malware Scan - daily 
• Network Perimeter Vulnerability Scan - weekly 
• Web Application Vulnerability Scan - weekly 
• SSL Certificate Validation - weekly 


You may also scan your site “on-demand” at any time. 


If Qualys SECURE Seal identifies an issue during a scan, an 
email notification is sent to the merchant. The email directs 
the merchant to log in to the Qualys SECURE Seal portal to 
review and fix the security issue(s) identified. 


The Qualys SECURE Seal trustmark is only displayed by 
merchants who are proactive in remediating malware and 
critical vulnerabilities from their web site within the specified 
grace period noted on the web portal. Should the issue(s) 
remain unresolved beyond a 72-hour grace period, the Qualys 
SECURE Seal trustmark will be revoked and unavailable for 
display until the problems have been resolved. You may 
re-scan your site at any time via the Qualys SECURE 
Seal portal. 




What types of issues will take a web 
site out of compliance for the Qualys 
SECURE Seal service? 


Qualys SECURE Seal identifies malware and vulnerabilities 
when the scan is conducted. The Qualys SECURE Seal will be 
removed if security issues are detected, including but not 
limited to: 

• Malware is identified on the Site and not remediated 

• Validation issues associated with the SSL Certificate 

• Critical Perimeter Vulnerabilities 

• Cross-Site Scripting (XSS) Issues 

• Susceptibility to SQL Injection, Command Injection, HTTP 
Response Splitting, Local or Remote File Inclusion 
Vulnerabilities 

• The login form is not being submitted over an encrypted 
channel 


Can the Qualys SECURE seal be 
customized for display on our 
web site? 


No. Do not modify the Qualys SECURE Seal trustmark in 
any way. 


Where should the SECURE seal be 
placed on our web site? 

You should insert the code snippet and display the Qualys 
SECURE Seal trustmark on any Web page within the domain 
for which you are enrolled. You should insert the SECURE 
Seal in a location so that your web site visitors can clearly see 
your commitment to security. There are several locations on 
your web site we recommend, including: 


• On your web site home page near other web site information 
and links. 

• Near the top of all SSL-enabled pages. 

• On all shopping cart and checkout pages. 

• On any pages which detail the security or privacy protection 
you provide to your web site visitors. 


It is also recommended that the seal be placed in locations 
that will get noticed by your web site visitors. Avoid placing it 
in hard-to-find locations and in areas, such as below the 
screen fold, where scrolling is required. 